Privacy Policy

QuotaSight (“we”, “us”) is a sales call intelligence platform operated by Grow Big Ventures LLC. This policy explains what information we collect when you use the app at quotasight.co, how we use it, and what choices you have. It applies to customers, prospects, and visitors to our marketing site.

• Account information. Email address, name, organization name, and (optionally) industry segment when you sign up.
• Sales call data you connect. When you authorize a call recorder integration (Fathom, Gong, Fireflies, Otter), we ingest call metadata, attendee lists, transcripts, and recordings you have already created in those services. We do not record calls ourselves.
• Calendar data you connect. If you authorize Google Calendar or Microsoft 365, we read meeting metadata to cross-reference with recorded calls. We never write to your calendar.
• Daily entry data. Numbers your team submits via the daily-entry forms (call counts, deals closed, revenue, etc.).
• Payment integration data. If you connect Whop or FanBasis, we read customer and charge information to verify deal closures.
• Billing information.Processed by Stripe. We don’t store full card numbers.
• Operational logs. IP address, user-agent, actions taken in the app (for security monitoring and debugging).
• Product usage events. Page visits and clicks on the QuotaSight interface, tagged with your user and workspace. We use this to understand which features are used, which are underused, and what to build next. We do notlog the contents of any input field, transcript, prospect record, or note — only the action taken and the page it happened on. Retained for 90 days then deleted.

• To provide the product (analyze your calls, surface patterns, generate dashboards).
• To improve our analysis quality on a per-customer basis using your historical data — never across customers.
• To send transactional email (account notifications, billing receipts, invitations you initiate).
• To monitor for security issues and operational problems.
• To respond to support requests.
• To comply with legal obligations.

We do not sell your data. We do not use customer call content to train any third-party AI model. We do not share your data with advertisers.

We use Anthropic’s Claude models to analyze your sales call transcripts and metadata. Calls are sent to Anthropic’s API over TLS for analysis and discarded by Anthropic per their enterprise terms — they do not train on our customers’ inputs.

When you choose to connect Google Calendar, QuotaSight requests OAuth access to the following Google API scopes:

• auth/calendar.readonly — read-only access to your calendar list
• auth/calendar.events.readonly — read-only access to your calendar events (titles, attendees, times)
• auth/userinfo.email— your account email so we can display “Connected as <you@example.com>” in the UI
• openid — standard OpenID identifier

QuotaSight’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We use Google API data only to:

• Match scheduled meetings against recorded calls so sales managers can see no-show, reschedule, and call-conversion metrics.
• Auto-populate the connected user’s daily-entry form (calls on calendar, calls taken, second calls booked, etc.).

We do not:

• Use Google API data to train any AI or machine learning model — neither ours nor any third party’s.
• Use Google API data for advertising of any kind.
• Sell, rent, or transfer Google API data to data brokers, advertisers, or any other third party.
• Permit human access to Google API data except (a) with the user’s explicit consent during a support request, (b) for security investigations of suspected abuse or fraud, or (c) to comply with applicable law.
• Write to your Google Calendar — all access is read-only.

You can revoke QuotaSight’s access at any time from your Google Account permissions page or by clicking Disconnect on the calendar card inside QuotaSight. On disconnect we delete the stored OAuth tokens immediately. Cached calendar event metadata is purged on the next sync cycle (within 1 hour) or sooner upon request to privacy@growbigventures.com.

When you choose to connect Outlook / Microsoft 365, QuotaSight requests the following Microsoft Graph delegated permissions: Calendars.Read, User.Read, offline_access, openid, email. The same Limited Use commitments described in the Google API access section above apply identically to Microsoft Graph data: read-only, no AI training, no advertising, no third-party transfer, revocable at any time.

We rely on the following sub-processors to deliver the product. Each handles customer data under their own data processing agreement and security posture:

• Vercel — hosting + edge runtime
• Supabase — database + authentication
• Anthropic — AI analysis (Claude)
• Stripe — payment processing
• Resend — transactional email
• GitHub — source control + CI

We retain customer data for as long as you have an active account. When you cancel:

• Your access ends at the end of your current billing period.
• Data is soft-deleted and recoverable for 90 days via account restore.
• After 90 days, data is permanently purged from production systems.
• Backup copies expire on the same backup-rotation schedule (up to 30 additional days).

If you’re a customer or end user, you can:

• Export your data at any time (CSV / JSON) from /billing.
• Request access to a copy of all data we hold about you.
• Request deletion of your data (subject to legal-retention obligations).
• Request correction of inaccurate data.
• Opt out of non-transactional emails (we don’t send marketing email today).

California residents have additional rights under CCPA, including the right to know what categories of personal information we collect and the right to non-discrimination. To exercise any of these rights, email privacy@growbigventures.com.

We use a small number of essential first-party cookies for authentication and session management. We do not use third-party advertising cookies, fingerprinting, or cross-site tracking. Vercel collects basic analytics (page-load timing, route hits) that we use to monitor performance — these are anonymized and not joined to user identity.

See our public security overview for the controls we operate. Briefly: TLS in transit, AES-256 at rest, Postgres row-level security for tenant isolation, and magic-link authentication.

QuotaSight is a B2B product not directed at children. We do not knowingly collect data from anyone under 16.

We’ll update this page when our practices change. Material changes will be communicated to active customers via email.

Questions or requests: privacy@growbigventures.com
Mailing address: Grow Big Ventures LLC, c/o the email above (we’ll respond with a postal address if needed for a formal request).